Trend Micro fixes bug Chinese hackers exploited for espionage

Gandalf_The_Grey

Gandalf_The_Grey

Level 71
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,933
Content source
https://www.bleepingcomputer.com/news/security/trend-micro-fixes-bug-chinese-hackers-exploited-for-espionage/
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.

As Sentinel Labs revealed in an early-May report, the attackers exploited the fact that security products run with high privileges on Windows to plant and load their own maliciously crafted DLL into memory, allowing them to elevate privileges and execute code.

"Trend Micro is aware of some research that was published on May 2, 2022, regarding a purported Central-Asian-based threat actor dubbed 'Moshen Dragon' that had deployed malware clusters that attempted to hijack various popular security products, including one from Trend Micro," the cybersecurity company said.

After analyzing the report and its product line, the company discovered that only the Trend Micro Security consumer-focused product was affected, with no other commercial or business products impacted.

"For Trend Micro Security (Consumer), a fix was deployed via Trend Micro's ActiveUpdate (AU) on May 19, 2022, and any user with an active internet connection should receive the update shortly if they have not yet already received it," the antivirus vendor added.
Click to expand...
DLL hijacking bugs in multiple security products

The Moshen Dragon group also reportedly abused similar bugs in security products from Bitdefender, McAfee, Symantec, and Kaspersky to install Impacket, a Python kit designed for lateral movement and remote code execution via Windows Management Instrumentation (WMI).
Click to expand...
While Trend Micro has published an advisory detailing the mitigation measures taken to stop Moshen Dragon from abusing its security products for malicious products, the other vendors are yet to confirm if their products have been affected and if the bugs have been patched.

BleepingComputer has reached out to spokespersons from Bitdefender, McAfee, Symantec, and Kaspersky for comment but has yet to receive a reply.
Click to expand...
 
  • Like
  • +Reputation
  • Wow
Reactions: franz, Faybert, SeriousHoax and 3 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
AV-TEST Security Software for Windows: 18 Security Packages Put to the Test
Replies
1
Views
552
Security Statistics and Reports
Bot
Bot
Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
Adobe collaborates with Trend Micro and the Microsoft Active Protections Program
Replies
0
Views
854
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Thanks
AV-TEST Security vs. Ransomware: 34 Solutions in the Advanced Threat Protection Test
Replies
24
Views
1,939
Security Statistics and Reports
likeastar20
L

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top